{% macro initial_cluster() -%}
{% for host in groups[etcd_peers_group] -%}
  {{ hostvars[host]['ansible_hostname'] }}={{ etcd_peer_url_scheme }}://{{ hostvars[host]['ansible_' + etcd.interface].ipv4.address }}:{{ etcd.peer_port }}
  {%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
{% endmacro -%}
apiVersion: v1
kind: Pod
metadata:
  labels:
    component: etcd
    tier: control-plane
  name: etcd
  namespace: kube-system
spec:
  containers:
  - command:
    - etcd
    - --advertise-client-urls={{ etcd_advertise_client_urls }}
    - --cert-file=/etc/kubernetes/pki/etcd.pem
    - --client-cert-auth=true
    - --data-dir=/var/lib/etcd
    - --initial-advertise-peer-urls={{ etcd_initial_advertise_peer_urls }}
    - --initial-cluster={{ initial_cluster() }}
    - --key-file=/etc/kubernetes/pki/etcd-key.pem
    - --listen-client-urls={{ etcd_listen_client_urls }}
    - --listen-peer-urls={{ etcd_listen_peer_urls }}
{% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 0 %}
    - --name={{ ansible_hostname }}
{% else %}
    - --name=default
{% endif %}
    - --peer-cert-file=/etc/kubernetes/pki/etcd.pem
    - --peer-client-cert-auth=true
    - --peer-key-file=/etc/kubernetes/pki/etcd-key.pem
    - --peer-trusted-ca-file=/etc/kubernetes/pki/ca.pem
    - --snapshot-count=10000
    - --trusted-ca-file=/etc/kubernetes/pki/ca.pem
    image: {{ etcd_image }}
    imagePullPolicy: IfNotPresent
    livenessProbe:
      exec:
        command:
        - /bin/sh
        - -ec
        - ETCDCTL_API=3 etcdctl --endpoints={{ etcd_advertise_client_urls }} --cacert=/etc/kubernetes/pki/ca.pem
          --cert=/etc/kubernetes/pki/etcd.pem --key=/etc/kubernetes/pki/etcd-key.pem
          get foo
      failureThreshold: 8
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: etcd
    resources: {}
    volumeMounts:
    - mountPath: /var/lib/etcd
      name: etcd-data
    - mountPath: /etc/kubernetes/pki
      name: etcd-certs
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: etcd-certs
  - hostPath:
      path: /var/lib/etcd
      type: DirectoryOrCreate
    name: etcd-data
